Jekyll2021-02-01T13:26:25+00:00http://archive.azurecitadel.com/feed.xmlAzure CitadelAzure related training material developed and maintained by the technical field team at Microsoft.Richard Cheneyrichard.cheney@microsoft.comNew custom policy lab2020-09-03T00:00:00+00:002020-09-03T00:00:00+00:00http://archive.azurecitadel.com/news/custom-policy<h2 id="tldr">tl;dr</h2>
<p>New lab for Custom Policies & Aliases. Use either:</p>
<ul>
<li><a href="https://azurecitadel.com/automation/policy/custom/">Existing Citadel site</a></li>
<li><a href="https://hugo.azurecitadel.com/policy/custom/">New WIP Hugo site</a></li>
</ul>
<h2 id="background">Background</h2>
<p>Many of you are making use of Azure Policy to help standardise the governance and compliancy requirements of end customers. It is a key element of the <a href="https://aka.ms/caf">Cloud Adoption Framework</a> and the Enterprise Scale reference materials that will be a focus for partners this year.</p>
<p>We are fortunate in that the number of policies and initiatives is now very extensive and is still growing.</p>
<p>Here is a list of the places we check first:</p>
<ul>
<li>Built-in Policy Definitions in the <a href="https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyMenuBlade/Definitions">portal</a>, <a href="https://docs.microsoft.com/azure/governance/policy/samples/built-in-policies">docs</a> and <a href="https://github.com/Azure/azure-policy">repo</a></li>
<li><a href="https://github.com/Azure/azure-policy/tree/master/samples">Sample custom policies</a></li>
<li><a href="https://github.com/Azure/Community-Policy">Community Policy</a></li>
</ul>
<p>The last resource is where Azure customers and Microsoft teams collaborate and contains some great real world content.</p>
<h2 id="custom-policies">Custom policies</h2>
<p>If you have a specific customer requirement that could be covered by Policy but cannot be found in any of these source areas then you can always create your own. Making custom policy is easier now than it was in the early days, but is still moderately difficult, requiring an understanding of the ARM resource provider types and how to leverage the property aliases, as well as the format of custom policies.</p>
<p>So we have added a new lab into the middle of the <a href="https://azurecitadel.com/automation/policy">Azure Policy</a> group. The new lab is <a href="https://azurecitadel.com/automation/policy/custom/">Custom Policies & Aliases</a> and walks you through a real example that I went through with a partner to meet a customer demand. It is useful examples as it demonstrates the process as well as providing a good tour of the tooling, documentation and the various constructs available in the ARM policy schema.</p>
<h2 id="new-hugo-azure-citadel-site">New Hugo Azure Citadel site</h2>
<p>We are working on the next iteration of Azure Citadel to strip out the older content and to make the labs you enjoy easier to find and to navigate. This new lab is available there if you want to get a preview of the new format.</p>
<p>Note that it is a work in progress, using <a href="https://gohugo.io/">Hugo</a> to generate the static HTML from the content <a href="https://github.com/azurecitadel/azurecitadel">repo</a> using a custom theme based on the open sourced <a href="https://primer.style/">Primer</a> CSS used on the GitHub docs sites. It is then deployed using CI/CD integration to <a href="https://azure.microsoft.com/services/app-service/static/">Azure Static Web Apps</a>. The site is guaranteed to change over the next few months - and that may include the urls.</p>
<p>If you want to run through the lab in the new formatting then go here: <a href="https://hugo.azurecitadel.com/policy/custom/">Custom Policies & Aliases (Hugo)</a></p>
<p>Enjoy!</p>Richard Cheneyrichard.cheney@microsoft.comAdditional lab for custom policy creation.WSL2 goes GA with the Windows 10 May 2020 update2020-05-28T00:00:00+00:002020-05-28T00:00:00+00:00http://archive.azurecitadel.com/news/wsl2-vscode-docker-terminal<h2 id="introduction">Introduction</h2>
<p>Those of you using the site know that we are big fans of vscode and running WSL on Windows. We have a strong focus on open source software here and appreciate the direction the product groups are taking in terms of open source support on Windows 10.</p>
<p>We have been using WSL2 for a long time, putting up with the frequent OS updates on the Insiders fast ring purely to get the benefit. (Thank goodness for the shift to the slow ring late last year.)</p>
<p>WSL1 was a major innovation, but it was limited for development as the filesystem was slow and it did not have full system call compatibility. WSL2 addressed that by including the full Linux kernel in a lightweight VM. They have worked some serious magic here, with usual startup time under a second.</p>
<p>WSL2 was prominent at <a href="https://aka.ms/build">Microsoft Build</a> along with some of the other tooling included in this post such as Windows Terminal which has also gone GA. (If you missed <a href="https://mybuild.microsoft.com/sessions/871ef73f-f04a-405b-a0fa-01d7433067d1?source=sessions">Scott Henselman’s keynote</a> then that is recommended.) This post will use winget to install Windows Terminal, and then add in a few customisations. And we’ll also configure both Visual Studio Code and Docker Desktop to use WSL2 as the backend.</p>
<p>Right, let’s get on with it!</p>
<h2 id="wsl2">WSL2</h2>
<p>Update to WSL2</p>
<ul>
<li><a href="https://support.microsoft.com/help/4028685/windows-10-get-the-update">Update</a> to Windows 10, version 2004 (build 19041)</li>
<li>Enable <a href="https://aka.ms/wslinstall">WSL2</a></li>
<li>
<p>Download a distro from the Windows Store</p>
<p><img src="/images/posts/2020-05-28-distros.png" alt="Windows Store" /></p>
<blockquote>
<p>If you are downloading a new distro from the Windows Store and you don’t have a preference then I would recommend Ubuntu 20.04. This post will assume Ubuntu from this point; if you have chosen another flavour of Linux then substitute it in.</p>
</blockquote>
</li>
</ul>
<p>Here are a few recommended updates for initial config, assuming your distro is Ubuntu 20.04:</p>
<ul>
<li>
<p>Update the OS</p>
<pre><code class="language-bash"> sudo apt update && sudo apt full-upgrade -y
</code></pre>
</li>
<li>
<p>Install git</p>
<pre><code class="language-bash"> sudo apt install git
</code></pre>
<blockquote>
<p>Needed by vscode for source control when using Remote-WSL</p>
</blockquote>
</li>
<li>
<p>Install Azure CLI</p>
<pre><code class="language-bash"> curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
</code></pre>
<blockquote>
<p>From <a href="https://docs.microsoft.com/cli/azure/install-azure-cli-apt">https://docs.microsoft.com/cli/azure/install-azure-cli-apt</a></p>
</blockquote>
</li>
</ul>
<h2 id="windows-terminal">Windows Terminal</h2>
<p>You could download <a href="https://aka.ms/terminal">Windows Terminal</a> from the store, but where’s the fun in that. Let’s use the new winget package manager instead.</p>
<ul>
<li>Open either Command Prompt or PowerShell</li>
<li>
<p>Install Windows Terminal</p>
<pre><code class="language-bat"> winget install terminal --rainbow
</code></pre>
<p>Example:</p>
<p><img src="/images/posts/2020-05-28-winget.png" alt="winget install terminal" /></p>
<p>Once it is downloaded then you can close Command Prompt and open Windows Terminal instead.</p>
</li>
<li>
<p>Check the drop down next to the default tab and you’ll see it has auto-detected Windows PowerShell, Command Prompt, Azure Cloud Shell, plus anything else you have installed such as your WSL Linux distributions and PowerShell Core:</p>
<p><img src="/images/posts/2020-05-28-terminal.png" alt="terminal" /></p>
<p>It supports multiple tabs and multiple panes, full characters sets etc.</p>
</li>
</ul>
<p>If you are spending a lot of time in the CLI then your Windows Terminal probably deserves a little customisation, which is covered in the last section of this post.</p>
<h2 id="visual-studio-code-and-the-remote-development-extension-pack">Visual Studio Code and the Remote Development extension pack</h2>
<p>You could browse to the <a href="https://aka.ms/vscode">vscode download page</a> and then follow the <a href="https://code.visualstudio.com/docs/editor/extension-gallery">install extensions</a> to install the <a href="https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.vscode-remote-extensionpack">Remote Development</a> extension pack, but for speed and brevity here are the PowerShell or Command Prompt commands:</p>
<ul>
<li>
<p>Open Command Prompt or PowerShell</p>
<blockquote>
<p>Windows Terminal is assumed for all CLI use from this point!</p>
</blockquote>
</li>
<li>
<p>Install Visual Studio Code</p>
<pre><code class="language-bat"> winget install vscode --rainbow
</code></pre>
</li>
<li>
<p>Install Remote Development extension pack</p>
<pre><code class="language-bat"> code --install-extension ms-vscode-remote.vscode-remote-extensionpack
</code></pre>
</li>
</ul>
<h2 id="opening-vscode-from-wsl2">Opening vscode from WSL2</h2>
<p>My favourite way to open vscode is directly from Windows Terminal.</p>
<ul>
<li>Open Ubuntu</li>
<li>
<p>Change to your desired working directory, e.g.</p>
<pre><code class="language-bash"> cd /git/my-repo
</code></pre>
</li>
<li>
<p>Open vscode</p>
<pre><code class="language-bash"> code .
</code></pre>
<p>This makes use of the magical integration between WSL and Windows 10 to open the application at the OS level. Note the <code>>< WSL: Ubuntu</code> at the bottom left, denoting Remote-WSL use and the distro. You can also remote via SSH, into local Containers, or the hosted containers called CodeSpaces. Check out the extensions</p>
</li>
<li>Open the integrated terminal using <code>CTRL</code>+<code>'</code></li>
<li>
<p>Run <code>lsb_release -a</code> to show the Ubuntu version</p>
<p><img src="/images/posts/2020-05-28-vscode.png" alt="vscode" /></p>
</li>
</ul>
<p>You are now running the vscode-server backend process in WSL2.</p>
<p>Top tips:</p>
<ol>
<li>Use the local filesystem spaces in preference to anything within /mnt/c as it will run significantly faster</li>
<li>
<p>Go to <code>\\wsl$\Ubuntu</code> in File Explorer, e.g.</p>
<p><img src="/images/posts/2020-05-28-explorer.png" alt="File Explorer" /></p>
<blockquote>
<p>Change Ubuntu to the name of your distro from <code>wsl -l -v</code></p>
</blockquote>
<p>You can drag and drop files between Windows and Linux filesystems and it seems to handle the EOL conversion nicely.</p>
</li>
</ol>
<h2 id="docker">Docker</h2>
<p>Running linux Docker containers on Windows using Docker Desktop has traditionally used a full VM on the Hyper-V subsystem. It has been completely separate from anything with WSL. Docker Desktop will now use the <a href="https://docs.docker.com/docker-for-windows/wsl/">WSL2 backend</a> as the default backend on systems that support WSL2. It is a lot quicker and reduces Docker Desktop’s memory usage.</p>
<p>Docker Desktop runs in the systray. Hover over the icon to see the status in the tooltip, and right click for the context menu for settings, restart, learn etc.</p>
<ul>
<li>Install Docker Desktop
<ul>
<li>You will need to be running the session as Administrator. (Start -> “Terminal” -> Right Click -> Run As Administrator)</li>
</ul>
<pre><code class="language-bat"> winget install DockerDesktop
</code></pre>
<ul>
<li><em>Enable WSL2 Windows Features</em> should now be checked by default in the dialog box</li>
<li>Close the <em>Installation succeeded</em> dialog box once deployed</li>
</ul>
</li>
<li>Start Docker Desktop (from the Start Menu)
<ul>
<li>Wait for the systray icon to move from “Docker is starting” to “Docker Desktop is running”</li>
</ul>
</li>
<li>Skip the <em>Get Started with Docker</em> tutorial
<ul>
<li>You can always restart the tutorial via Learn on the context menu</li>
</ul>
</li>
<li>Click on Settings
<ul>
<li>General: Use the WSL2 based engine is checked</li>
<li>Resources; WSL Integration: Your default distro should be checked and you can add others</li>
</ul>
<p><img src="/images/posts/2020-05-28-docker.png" alt="docker" /></p>
</li>
<li>
<p>Open Command Prompt</p>
<pre><code class="language-bat"> docker run -dp 80:80 docker/getting-started
</code></pre>
</li>
<li>
<p>Open a browser and go to <a href="http://localhost:80">http://localhost:80</a></p>
<p><img src="/images/posts/2020-05-28-localhost.png" alt="getting-started" /></p>
<p>The container is running.</p>
</li>
<li>
<p>Open Ubuntu</p>
<ul>
<li>Check the container is running within WSL2</li>
</ul>
<pre><code class="language-bash"> docker ps
</code></pre>
<p>Example output:</p>
<pre><code class="language-text"> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b005a3a10b28 docker/getting-started "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes 0.0.0.0:80->80/tcp priceless_dirac
</code></pre>
</li>
</ul>
<p>OK, it is working. If you want to look at using Visual Studio Code with containers as a next step, then start <a href="https://code.visualstudio.com/docs/remote/containers#_quick-start-try-a-dev-container">here</a>.</p>
<h2 id="customising-windows-terminal">Customising Windows Terminal</h2>
<p>Windows Terminal is hugely customisable. See <a href="https://aka.ms/terminal-docs">https://aka.ms/terminal-docs</a> for full info. There is a setting UI coming in a future version of Terminal, but in the meantime we’ll customise the settings.json. (It is recommended to associate JSON files with vscode rather than Notepad.) Note that there is a read only system level settings file and then your settings.json overrides or extends the config.</p>
<p>If you are in Windows Terminal then <code>CTRL</code>+<code>,</code> will open the settings.</p>
<p>There are four sections:</p>
<ol>
<li><a href="https://docs.microsoft.com/windows/terminal/customize-settings/global-settings">Global settings</a></li>
<li><a href="https://docs.microsoft.com/windows/terminal/customize-settings/profile-settings">Profile settings</a></li>
<li><a href="https://docs.microsoft.com/windows/terminal/customize-settings/color-schemes">Colour schemes</a></li>
<li><a href="https://docs.microsoft.com/windows/terminal/customize-settings/key-bindings">Key bindings</a></li>
</ol>
<p>I’ll give an example or two from each from my settings.json. It is entirely up to you whether you want to add them to your personal settings.json file.</p>
<p>I’ll start at the bottom.</p>
<h3 id="key-bindings">Key Bindings</h3>
<p>There are a huge number of default keyboard shortcuts, but much like vscode there is massive scope to customise.</p>
<ul>
<li>Scroll to the <code>"keybindings": []</code> array</li>
<li>
<p>Paste in the following between the square braces</p>
<pre><code class="language-json"> { "command": "closePane", "keys": [ "ctrl+w" ] },
{ "command": { "action": "splitPane", "split": "horizontal" }, "keys": [ "ctrl+shift+-" ] },
{ "command": { "action": "splitPane", "split": "vertical" }, "keys": [ "ctrl+shift+=" ] },
{ "command": { "action": "splitPane", "split": "horizontal", "profile": "Command Prompt" }, "keys": "ctrl+shift+d" }
</code></pre>
</li>
<li>Press <code>ALT</code>+<code>SHIFT</code>+<code>F</code> to auto-format the file</li>
</ul>
<p>The first three bindings override existing keyboard shortcuts. The last one is a new custom rule based on Kayla Cinnamon’s config.</p>
<h3 id="colour-schemes">Colour Schemes</h3>
<p>Almost mandatory for WSL2’s default colour scheme…</p>
<ul>
<li>Scroll to the <code>"schemes": []</code> array</li>
<li>
<p>Paste the following between the square braces</p>
<pre><code class="language-json"> {
"background": "#000000",
"black": "#151515",
"blue": "#6A8799",
"brightBlack": "#636363",
"brightBlue": "#7EAAC7",
"brightCyan": "#ACBBD0",
"brightGreen": "#A0AC77",
"brightPurple": "#B48EAD",
"brightRed": "#BC5653",
"brightWhite": "#F7F7F7",
"brightYellow": "#EBC17A",
"cyan": "#C9DFFF",
"foreground": "#D9D9D9",
"green": "#909D63",
"name": "Relaxed",
"purple": "#B06698",
"red": "#BC5653",
"white": "#D9D9D9",
"yellow": "#EBC17A"
}
</code></pre>
</li>
<li>Press <code>ALT</code>+<code>SHIFT</code>+<code>F</code> to auto-format the file</li>
</ul>
<p>You can find lots of examples of colour schemes. Visual Studio Code will realise they are hex colour values and display the colour. Hover over a hex code and the colour picker will be displayed.</p>
<h3 id="profile-settings">Profile Settings</h3>
<p>The profiles section has a defaults object and a list array containing the individual profiles.</p>
<p>Most of my config is in the default section to standardise across all of them:</p>
<pre><code class="language-json">"defaults": {
"backgroundImageOpacity": 0.5,
"backgroundImageStretchMode": "none",
"fontFace": "Cascadia Code",
"acrylicOpacity": 0.8,
"cursorColor": "#FFFFFF",
"cursorHeight": 25,
"cursorShape": "vintage",
"fontSize": 14,
"colorScheme": "Relaxed",
"useAcrylic": true,
"closeOnExit": true
}
</code></pre>
<p>All of these can be overridden per profile in the list. Here are some additional settings I have within my default Ubuntu profile:</p>
<pre><code class="language-json">{
"guid": "{2c4de342-38b7-51cf-b940-2309a097f518}",
"backgroundImage": "%USERPROFILE%/OneDrive/terminal/OS_Ubuntu.png",
"backgroundImageAlignment": "bottomRight",
"commandline": "wsl.exe ~",
"icon": "%USERPROFILE%/OneDrive/terminal/ubuntu.png",
"name": "Ubuntu 18.04",
"tabTitle": "Ubuntu",
"source": "Windows.Terminal.Wsl",
"hidden": false
},
</code></pre>
<p>The commandline has been configured to go straight to the home directory.</p>
<p>You can use custom images for your icons and backgrounds. I have a small logo for Ubuntu or Microsoft at the bottom right. Animated gifs are supported if you want to go mad. I created a terminal folder within my personal OneDrive and placed the images there.</p>
<p>Another alternative is to use the roaming profile folder for the UWP app. It is more of a pain to find, but will work across your machines. Amusingly it is easiest to get there from within WSL2.</p>
<ul>
<li>
<p>In Ubuntu</p>
<pre><code class="language-bash"> (cd /mnt/c/Users/richeney/AppData/Local/Packages/Microsoft.WindowsTerminal_*/RoamingState && explorer.exe .)
</code></pre>
<blockquote>
<p>This creates a sub shell in Bash, moves to the right directory and then triggers File Explorer.</p>
</blockquote>
</li>
<li>
<p>Put the files in that folder and you can then use the following pathing format in the profile:</p>
<pre><code class="language-json"> "backgroundImage": "ms-appdata:///roaming/myImage.png"
</code></pre>
</li>
</ul>
<h3 id="global-settings">Global Settings</h3>
<p>The global settings are at the top of the file. They are for the global application level settings such as theme, tabs, initial size etc. The most important one is the defaultProfile. If you want to change it from PowerShell to one of your WSL distros then copy the GUID from the list and set it here.</p>
<pre><code class="language-json"> "defaultProfile": "{2c4de342-38b7-51cf-b940-2309a097f518}",
"initialCols": 120,
"initialRows": 30,
"copyOnSelect": false,
</code></pre>
<h2 id="finishing-up">Finishing up</h2>
<p>This took longer than I thought to write up, but I know there will be a lot of interest in setting up Windows 10 for OSS development.</p>
<p>We use these tools every day when automating on Azure and it makes it an absolute pleasure. Enjoy!</p>Richard Cheneyrichard.cheney@microsoft.comChange up your laptop config for Ubuntu, Docker, Visual Studio Code etc.Edge extensions to download Azure icons and mask sensitive data2020-02-24T00:00:00+00:002020-02-24T00:00:00+00:00http://archive.azurecitadel.com/news/edge-extensions<h2 id="introduction">Introduction</h2>
<p>We are big fans of the work done by the Edge team with the new Chromium based browser. We’ve been using it from Canary to Dev to Beta versions, and it quickly became our default browser within the team.</p>
<p>One thing that makes it all the more useful is the extensibility. There are a couple of useful extensions that we use regularly, and we thought it only right to share them now that Edge has gone GA. (If you prefer Chrome then they’ll work there too.)</p>
<p>Both extensions are community contributions from Microsoft employees and are designed to enhance your use of the Azure Portal. Both have been asked not to use the name “Azure” in their titles due to trademark infringement. This has made them a little more difficult to find so here is a quick post to help their work reach a slightly wider audience.</p>
<h2 id="amazing-icon-downloader">Amazing Icon Downloader</h2>
<p>This is a great little extension that lights up whenever you are in the portal, and makes if very easy to scrape out any of the icons as SVG files. As SVG files are vector based then they scale beautifully, with no jagged edges regardless of the size, and they are natively supported in Visio, PowerPoint and the other office apps. You just drag them straight in. So no more excuses for using any of the old icons in your presentations or architectural diagrams!</p>
<p>Here is an example screenshot:</p>
<p><img src="/images/posts/2020-02-24-amazing-icon-downloader.png" alt="Amazing Icon Downloader" /></p>
<h3 id="enable-chrome-store">Enable Chrome Store</h3>
<p>If you are in Chrome then you can go straight to the <a href="#install-the-extension">next step</a>.</p>
<p>In Edge, enable the Chrome Store in the <a href="edge://extensions/">extensions</a> screen:</p>
<ul>
<li>Click on the ellipsis at the top right (<strong>…</strong>)</li>
<li>Click on <strong>Extensions</strong>
<ul>
<li>If the menu on the left is not visible then click on the hamburger to open it up</li>
</ul>
</li>
<li>Toggle the “Allow extensions from other stores” button</li>
</ul>
<p><img src="/images/posts/2020-02-24-enable-chrome-store.png" alt="Enable Chrome Store" /></p>
<h3 id="install-the-extension">Install the extension</h3>
<p>Go to the <a href="https://chrome.google.com/webstore/detail/amazing-icon-downloader/kllljifcjfleikiipbkdcgllbllahaob">Amazing Icon Downloader</a> page in the Chrome Store.</p>
<p>Enjoy Matt’s Overview description, and then click on that big blue “Add to Chrome” button.</p>
<p>It is up to you whether you keep it visible or move it to the menu via the right click.</p>
<h2 id="azure-mask">Azure Mask</h2>
<p>This is another favourite as it allows you to safely take screenshots whilst blurring out most of the sensitive data such as emails, the GUIDs for your subscription IDs, service principal secrets, storage keys, etc. It runs in Chrome, Firefox and Edge.</p>
<p>This one is a bit trickier to install as it is in an approval limbo land at the moment, but is well worth the effort for those of you creating blogs or technical documentation.</p>
<p>Here is an example screenshot of it in action:</p>
<p><img src="/images/posts/2020-02-24-masked.png" alt="AzMask" /></p>
<p>You can find instructions for Chrome and Firefox in the <a href="https://github.com/clarkio/azure-mask">repo</a>. Below are the instructions for Edge:</p>
<h3 id="enable-developer-mode">Enable developer mode</h3>
<ul>
<li>Go back into the <a href="edge://extensions/">extensions</a> screen.</li>
<li>Enable developer mode</li>
</ul>
<h3 id="install-from-package-zip">Install from package zip</h3>
<ul>
<li>Go to <a href="https://github.com/clarkio/azure-mask/releases">Releases</a> and download the latest .zip file (e.g. az-mask-1.1.5.zip )</li>
<li>Extract the zip into a folder</li>
<li>Click on the <strong>Load unpacked</strong> icon</li>
<li>Navigate to the folder with the zip’s contents and click on <strong>Select Folder</strong></li>
</ul>
<p><img src="/images/posts/2020-02-24-azmask-installed.png" alt="installed" /></p>
<p>Click on <strong>Details</strong> if you want to have the extension only apply to certain sites, such as https://azure.portal.com.</p>
<p>There shouldn’t be any need to enable the extension for InPrivate Browsing; just make use of additional profiles if you want to managed multiple cloud identities and take screenshots.</p>
<h2 id="kudos">Kudos</h2>
<p>A big thanks to <a href="http://mattlag.com/about/">Matt LeGrandeur</a> and <a href="https://www.clarkio.com/about/">Brian Clark</a> for their great work in creating these extensions.</p>Richard Cheneyrichard.cheney@microsoft.comCool extensions to allow you to download SVGs of the Azure Portal icons or mask sensitive data in screenshotsNetworking labs2020-01-28T00:00:00+00:002020-01-28T00:00:00+00:00http://archive.azurecitadel.com/news/networking<h2 id="introduction">Introduction</h2>
<p>As you know, the Azure Citadel site is a community site, and whilst many of the contributions are from the Cloud Solution Architects working with partners in the UK, we do welcome contributions from elsewhere within Microsoft and from the wider community.</p>
<p>I am pleased to have another example added to the site today. Binal Shah is one of our Principal CLoud Solution Architects over in California, and is sharing a set of labs that she has road tested with customers who are getting up to speed with core networking functionality in Azure.</p>
<h2 id="networking-labs">Networking Labs</h2>
<p>You will find the links to Binal’s repo on our <a href="/infra/networking">networking labs</a> landing page.</p>
<p>Each of the labs gives a simple example that highlights a specific area, and they are individually a nice manageable size, making it easy to consume. Some of the labs build on the configuration from the preceding lab so it is recommended to take them in order.</p>
<p>They cover both the portal and Azure CLI. You will create vNets and subnets, work with NSGs and UDRs, create transitive vNet peers, hub and spoke topology, deploy an NVA, set up a S2S VPN, plus Virtual WAN and Azure Firewall. The last few aren’t covered in our older Virtual Data Centre lab so this definitely fills a gap for this site.</p>
<p>The labs are currently in PDF form, but if they prove popular then we will transpose to native markdown. So let us know what you think in the comments!</p>Richard Cheneyrichard.cheney@microsoft.comSet of new labs covering a wide range of Azure networking conceptsServerless Twitter Bot2020-01-20T00:00:00+00:002020-01-20T00:00:00+00:00http://archive.azurecitadel.com/news/ServerlessTwitterBot<h2 id="new-serverlesstwitterbot-lab">New ServerlessTwitterBot Lab</h2>
<p>We have a nice, short lab from our very own Phil Harvey that is great as an introduction to Azure Serverless, creating a Logic App workflow with integration points, plus how simple it is to leverage GitHub Actions for CI/CD pipelines. Most cloud literate people should rattle through it in an hour or two and it is a great introduction to those services, plus how vscode can interact with them.</p>
<p>If you want to try the lab out then you can use our <a href="/devops/ServerlessTwitterBot/">landing page</a>, or head straight to Phil’s <a href="https://github.com/therealcodebeard/serverlesstwitterbot">repo</a>.</p>
<p>If you don’t want to spam your Twitter account then you can always get the Logic App workflow to trigger a custom email to yourself instead!</p>
<h2 id="microsoft-reactor-session-in-london">Microsoft Reactor session in London</h2>
<p>If you would rather run through it with Phil and his group of, ahem, rather talented proctors then come to our event on Tuesday 18th Feb at the Microsoft Reactor in London. It is a great opportunity to get some space and time for some learning, and you can engage with is on where you are and where you’re heading. If you are like me then I always prefer to dedicated some time to learn and to do so with others.</p>
<p>Places are filling up fast so get <a href="https://www.meetup.com/en-AU/Microsoft-Reactor-London/events/267316785/">registered</a>!</p>Richard Cheneyrichard.cheney@microsoft.comNew lab, plus link to partner event at The ReactorPartner Admin Link & Azure Lighthouse: Deep Dive and AMA2020-01-07T00:00:00+00:002020-01-07T00:00:00+00:00http://archive.azurecitadel.com/news/pal-and-lighthouse<h2 id="introduction">Introduction</h2>
<p>First of all, a very happy new year to you all! We have some new blood coming onboard into the UK One Commercial Partner team in Microsoft UK, so look out for some new content authors on this site in the coming months. (Don’t forget that you can <a href="https://azurecitadel.com/contributing">contribute</a> yourself.)</p>
<h2 id="pal-and-lighthouse-webinar">PAL and Lighthouse Webinar</h2>
<p>As you know this site is open to all, but was principally created to help UK partners working on the Azure platform. Many of those are managed service providers (MSPs), working on a mix of customer subscriptions including Cloud Solutions Provider (CSP), Enterprise Agreement (EA) and Direct (PAYG), plus a myriad of older offer types.</p>
<p>The CSP subscriptions automatically confer Admin on Behalf Of (AOBO) access, plus automated recognition of the Azure Consumed Revenue (ACR) that goes through that transaction flow. But how do we recognise where partners have influence via their managed services into EA and Direct customer subscriptions? (Hint - it’s Partner Admin Link!) And how does the new Azure Lighthouse service work in combination with PAL for true multi-tenancy management for MSPs?</p>
<p>Many of the partners that are managed out of the UK subsidiary are aware of a webinar we run on Wed 8th 13:00 - 14:30 GMT, which was open to anyone that has an MPN.</p>
<p>The session was recorded including captioning!</p>
<h2 id="webinar-recording">Webinar Recording</h2>
<p><a href="https://portal.meets4b.com/JoinCertain/Lobby?e=bcad15c9-ae7e-4983-96d2-a13b71e3f98c">Azure Lighthouse and PAL Deep Dive & AMA Recording Link</a></p>
<p>Maximising your partner recognition is more important than ever. Understand how to configure Partner Admin Link for managed services and trigger recognition and incentives for your managed services.</p>
<ul>
<li>How does PAL work with directory accounts, security principals and guest IDs?</li>
<li>How many of my admins need to link?</li>
<li>For each customer?</li>
<li>Each subscription?</li>
<li>How does it work when you have a Lighthouse delegation?</li>
</ul>
<p>We went into some detail and took your questions in the AMA (Ask Me Anything) section.</p>Richard Cheneyrichard.cheney@microsoft.comWebinar for managed services partner recognition and Azure Lighthouse based multi-tenancy access.Packer and Ansible labs2019-10-07T00:00:00+00:002019-10-07T00:00:00+00:00http://archive.azurecitadel.com/news/ansible-and-packer-labs<h2 id="introduction">Introduction</h2>
<p>The team behind this site does a lot of work with partners who are looking to automate as much as possible with the cloud. This has been the catalyst for a lot of the content creation for this site, but we see major benefits in making that publicly available for the greater good!</p>
<p>We do have a number of partners who work purely on Azure, we the reality is that most of us live in a multi-cloud world. On Azure Citadel we intentionally focus on Linux rather than Windows and have a love of all things open source whilst working on Azure. The same open source and multi cloud viewpoint has driven the choice of tooling used by some of our partners and by a number of customers.</p>
<p>A good example is Hashicorp’s Terraform, used for infrastructure as code deployments as a multi-cloud alternative to the native ARM templates that can only be used on Azure. The <a href="/automation/terraform">Terraform labs</a> are some of the most popular on this site. Over 15% of all Linux VMs on Azure are deployed via Terraform, and that number is growing.</p>
<h2 id="images-and-declarative-management">Images and Declarative Management</h2>
<p>One area that the site has not focused on to date is virtual machines. This is understandable given the modernisation direction towards containers, serverless, micro services and PaaS. Having said that, the reality is that an enormous percentage of the compute on the platform is still VM based and should not be neglected, particularly given the number of customer migrations onto Azure. Migrations may be straight lift and shift, porting a VMware or Hyper-V VM straight into a vNet, or may be a clean VM deployment with software installation and migration of the application data.</p>
<p>VMs are then often managed individually rather than as groups. If a VM gets an issue then it is common for an admin to log on and try to fix the problem as that is (usually) faster than having to rebuild that system from scratch.</p>
<p>There is a notable contrast when compared to the management of containers. If we look at the Azure Kubernetes Service (AKS), which is one of the fastest growing technologies on Azure, then everything is geared towards the creation and deployment of container images, and the management of those at scale using declarative templates. If a container errors then it is unceremoniously killed and another is generated from the image in the container registry, using the definitions in the YAML files.</p>
<p>Many of you will have seen articles using the analogy of pets v cattle with regard to the management of virtual machines and containers. A quick web search throws up a number of blog posts discussing the merits of the various approaches and tooling.</p>
<p>So, can we apply some of that management approach to our old school VMs?</p>
<h2 id="packer-and-ansible">Packer and Ansible</h2>
<p>Packer is another product from the Hashicorp stable, and is the default image creation software for Azure. (Packer also underpins the preview Azure Image Builder service, but we will use it natively to stay aligned with the multi-cloud tooling standpoint.) Packer has a number of builders (including Azure) and several provisioners, including two for Ansible.</p>
<p>Ansible can be used for infrastructure deployment - there is an azurerm provider - but is better known for config management. (Chef, Puppet, Salt, Octopus etc. also play in this area.) It is popular as it is open source, manages VMs agentlessly and has a significant community contributing useful roles into Ansible Galaxy.</p>
<p>And the two technologies play together very nicely.</p>
<h2 id="packer-and-ansible-labs">Packer and Ansible labs</h2>
<p>So here we are. A set of labs for Packer and Ansible that build on each other and include a number of Azure specific integration points.</p>
<p>If you work through the full set of labs then you will:</p>
<ul>
<li>build simple VM images with <strong>Packer</strong></li>
<li>deploy a few VMs from your custom image</li>
<li>manage static groups of VMs using ad hoc <strong>Ansible</strong> CLI commands</li>
<li>dynamically generate groups of VMs based on information from the <strong>Instance Metadata Service</strong></li>
<li>declaratively manage your VMs using <strong>Ansible playbooks</strong></li>
<li>search the <strong>Ansible Galaxy</strong> for roles to install and include in playbooks</li>
<li>create and publish your own <strong>custom roles</strong></li>
<li>deploy a <strong>Shared Image Gallery</strong> and create an image definition</li>
<li>combine Packer and Ansible and create a baseline Ubuntu image published to the Shared Image Gallery</li>
<li>add a <strong>custom RBAC role</strong> to enable role assignment write action for the service principal</li>
<li>use the baseline image as a source with both Ansible (remote) and Ansible Local</li>
<li>deploy a config management server (with Managed Identity) from the Shared Image Gallery image using <strong>Terraform</strong></li>
<li>use a combination of <strong>cloud-init</strong> and <strong>custom script extension</strong> to illustrate last mile VM configuration options</li>
<li>include an RBAC role assignment for the VM’s <strong>Managed Identity</strong> so that it is ready to manage VMs in that subscription</li>
</ul>
<h2 id="finishing-up">Finishing Up</h2>
<p>The labs cover a lot of ground and if you have always been interested in how Packer and Ansible could change how you deploy and manage VMs then take a look. Please make use of the Disqus comments areas to give us feedback and to let us know how you use Packer and Ansible with your customers.</p>
<p>One of the blog articles talks about pets v cattle v chickens, where cattle are VM images and software managed VMs, and chickens are container images / Kubernetes, and I think that these labs help towards making that a reality.</p>Richard Cheneyrichard.cheney@microsoft.comNew set of labs for creating VM images with Packer and managing VMs at scale with Ansible.ARM Template Viewer extension2019-09-26T00:00:00+00:002019-09-26T00:00:00+00:00http://archive.azurecitadel.com/news/arm-template-viewer<h2 id="arm-template-viewer">ARM Template Viewer</h2>
<p>You can normally tell when our very own Ben Coleman is going to pull something amazing out, as he goes a little bit radio silent for a couple of weeks. This month he’s done just that, and brought out a fabulous new extension for Visual Studio Code called ARM Template Viewer.</p>
<p><img src="https://github.com/benc-uk/armview-vscode/raw/master/assets/readme/screen1.png" alt="screenshot" /></p>
<p>The extension displays a graphical preview of Azure Resource Manager (ARM) templates. The view will show all resources with the official Azure icons and also linkage between the resources. You can drag and move icons as you wish, zoom in and out with the mouse wheel and drag the canvas to pan around. Clicking on a resource will show a small infobox with extra details.</p>
<p>You can search on either <code>bencoleman.armview</code> or <em>‘ARM Template Viewer’</em> in the Extensions view (<code>CTRL</code>+<code>SHIFT</code>+<code>X</code>) to install. Or go to the <a href="https://marketplace.visualstudio.com/items?itemName=bencoleman.armview">ARM Template Viewer</a> marketplace page and click on Install from there. Once installed then click on the eye symbol whenever your editor is focused on an ARM template.</p>
<p>Expect this to be added to the list of recommended extensions for the Creating ARM Templates labs. I plan to refresh those labs with screen grabs in time, but I think I will wait for WSL2 to go GA, plus confirmation of some ARM enhancements such as zero count loops plus sections for the subscription level and management group level ARM templates.</p>
<p>Fantastic work on the extension Ben, and it is great to see the number of installs rising each day!</p>Richard Cheneyrichard.cheney@microsoft.comBen Coleman's vscode extension for graphically displaying ARM TemplatesAzure Tips and Tricks2019-08-08T00:00:00+00:002019-08-08T00:00:00+00:00http://archive.azurecitadel.com/news/azure-tips-and%20tricks<h2 id="introduction">Introduction</h2>
<p>The <a href="https://microsoft.github.io/AzureTipsAndTricks/">Azure Tips and Tricks</a> site is pulled together by Microsoft’s own Michael Crump, and is a treasure trove of useful info for those of you working on the platform.</p>
<p>Much like our own site it is a GitPages site, supports community contributions and it has an RSS feed. You can browse by topic area, or the most recent additions, as well as an ever growing number of short <a href="https://www.youtube.com/playlist?list=PLLasX02E8BPCNCK8Thcxu-Y-XcBUbhFWC">videos</a>.</p>
<p>The tips cover a wide range of things from Azure services to APis and portal tricks. A good recent example is this tip about working with the <a href="https://microsoft.github.io/AzureTipsAndTricks/blog/tip213.html">Azure billing and cost management API</a>.</p>
<p>So take a look at the content and subscribe to that feed!</p>Richard Cheneyrichard.cheney@microsoft.comBlog site recommendationAzure Migrate2019-08-05T00:00:00+00:002019-08-05T00:00:00+00:00http://archive.azurecitadel.com/news/azure-migrate<h2 id="introduction">Introduction</h2>
<p>Another significant announcement from Inspire 2019 for partners was the major update to Azure Migrate. We have been waiting for this release for some time and it should really help accelerate migration of workloads onto Azure.</p>
<ul>
<li>Integrated experience for Discovery, Assessment, and Migration with end-to-end progress tracking for servers and databases</li>
<li>Server Assessment and Server Migration for VMware, Hyper-V, and physical server migrations</li>
<li>Database Assessment and Database Migration across various database targets</li>
</ul>
<p>Note that physical server assessment is expected in the next quarter, but as with all dates that is subject to change. Migration for physical servers is already there. Note that when we talk about physical servers this really covers physical and virtual servers that we need to talk to directly with an agent rather than via vCenter or Hyper-V Manager, and therefore covers other scenarios such as virtual machines running on Xen etc., or in other clouds such as AWS and GCP.</p>
<h2 id="background">Background</h2>
<p>Migrating existing workloads from on premises into the platform is the default first step for most customers, before they move on to exploring the exciting options in the cloud to modernise their applications.</p>
<p>Azure is a great destination for the OSS workloads that this site focuses on and Microsoft has proven to be a good open source citizen and guardian of GitHub. Having said that, there is no denying that this year we will be playing on our strengths with Windows Server and SQL Server. From assessment to migration to running the workloads we have a fantastic user experience, and naturally offer more options for SQL on Azure than you will find on competing platforms. This includes exciting options such as Managed Instance, Hyperscale and Serverless.</p>
<p>From a commercial perspective we are unbeatable with all of the following bringing the Azure pricing down:</p>
<ol>
<li>Reserved Instances</li>
<li>Hybrid Benefit (using Software Assurance to remove OS/SQL licence costs for VM pricing)</li>
<li>Free security updates for three years for Windows Server 2008 (R2) and Windows SQL 2008 (R2)</li>
</ol>
<p>The last one is key as the end of life dates for 2008 and 2008 R2 have become a natural trigger for latent cloud migration projects. When compared to the alternatives, Azure is proving more cost effective, simpler to migrate to and reduces business risk. Azure is therefore the natural platform of choice for many organisations.</p>
<h2 id="links">Links</h2>
<p>So these upgrades to Azure Migrate are very timely! Read about the new enhancements with these links:</p>
<h3 id="updates">Updates</h3>
<ul>
<li>[Update] <a href="https://azure.microsoft.com/updates/azure-migrate-enhancements/">Azure Migrate is now a central hub to start, execute and track your migration journey</a></li>
<li>[Blog Post] <a href="https://azure.microsoft.com/blog/introducing-the-new-azure-migrate-a-hub-for-your-migration-needs/">Introducing the new Azure Migrate: A hub for your migration needs</a></li>
</ul>
<h3 id="new-videos">New Videos</h3>
<ul>
<li><a href="https://www.youtube.com/watch?v=wFfq3YPxYHE">Get Started with Azure Migrate</a></li>
<li><a href="https://www.youtube.com/watch?v=gO89GtTaFas">How to discover, assess, and migrate VMware VMs to Azure</a></li>
<li><a href="https://www.youtube.com/watch?v=lrccmB01D_s">How to discover, assess, and migrate Hyper-V VMs to Azure</a></li>
</ul>
<h3 id="product-page">Product Page</h3>
<ul>
<li><a href="https://aka.ms/AzureMigrate">https://aka.ms/AzureMigrate</a></li>
</ul>
<h3 id="docs">Docs</h3>
<ul>
<li><a href="https://docs.microsoft.com/azure/migrate/migrate-services-overview">https://docs.microsoft.com/azure/migrate/migrate-services-overview</a></li>
</ul>
<h2 id="credit">Credit</h2>
<p>Thanks again to Taygan Rifat for another useful set of links.</p>Richard Cheneyrichard.cheney@microsoft.comMajor release with flexible assess and migrate framework for VMware, Hyper-V and physical servers, with options for 1st and 3rd party tools